Re: Win98 Screensaver - A Interesting Problem

[shaman2001 () HOTMAIL COM (Shaman)]

Ok, here is the lowdown on screensavers:

Screensavers are just normal win32 progs that are named *.scr in the
windows dir (try clicking on 1).  Windows runs them using commandline's to
perform different things (ie. screensaver.scr /A to change the passwd).  As
it is a normal program, it is upto it to disable the special windows keys
(ctrl-alt-del etc) and stay on top.  Unfortunatly, most screensavers do not
watch to see that they still have focus, and therefore, any program that
makes a windows call to gain focus will recieve any keystrokes, despite not
being on top/visible. In conclusion to this... it's the screensavers fault.
 All screensavers have this problem. :)

I should be more concerned with the following possibilities:
* the screensaver itself is in charge of calling the passwd auth/changing
dialog box (trojan is possible i guess)
* do virus scanners scan *.scr files normally?
* screen savers can bind a socket and allow people in while the screensaver
is active and drop connections when it's not... which means poeple can gain
access, knowing your not watching.
* windows screensavers are normal processes and therefore can be killed by
other programs.  There was a post some time ago about autorun on cd's still
working when screensaver is active.

in short, ordinary screensavers provide virtually no security.  Don't rely
on them to do so.

thats my .01c

Shaman2001.